CCPA/CPRA Indicators
The California Consumer Privacy Act and California Privacy Rights Act apply to businesses serving California residents, with penalties up to $7,500 per intentional violation. SaaSalyst scans your website for CCPA/CPRA-related language, detecting whether your site demonstrates awareness of California privacy requirements.
What SaaSalyst Checks
SaaSalyst searches your page HTML for CCPA/CPRA-related terms including 'ccpa', 'cpra', 'do not sell', 'california privacy', and 'california consumer'. The scanner performs a case-insensitive search across all page content to detect these compliance indicators.
Why This Matters
If your SaaS product is accessible to California residents and your business meets the CCPA threshold (annual gross revenue over $25 million, or handling data of 100,000+ consumers), you must provide specific privacy disclosures and honor consumer data rights.
Even below the threshold, displaying CCPA/CPRA awareness language signals to enterprise buyers that you understand US privacy regulations. Many large companies now require vendor compliance with CCPA regardless of the vendor's size.
California privacy law is increasingly becoming the baseline for US privacy expectations, with similar laws enacted in Colorado, Virginia, Connecticut, and other states.
€5.88B
Cumulative GDPR fines since 2018
CMS GDPR Enforcement Tracker
20+
US states with comprehensive privacy laws
IAPP US State Privacy Legislation Tracker
How to Fix It
- Add a 'Do Not Sell or Share My Personal Information' link to your website footer. CCPA Section 1798.135 requires this for businesses meeting the threshold.
- Include CCPA/CPRA-specific disclosures in your privacy policy: categories of personal information collected, purposes, and consumer rights (access, deletion, opt-out).
- Implement a data subject request process so California residents can exercise their rights under CCPA/CPRA.
- If you use third-party analytics or advertising, disclose whether this constitutes 'selling' or 'sharing' personal information under CPRA definitions.
Frequently Asked Questions
How does SaaSalyst check for CCPA/CPRA compliance?
SaaSalyst scans your page HTML for CCPA/CPRA-related terms including 'ccpa', 'cpra', 'do not sell', 'california privacy', and 'california consumer'. These terms indicate your site acknowledges California privacy requirements.
Does CCPA apply to my small SaaS product?
CCPA applies to for-profit businesses that exceed specific thresholds (revenue, data volume). Even if you're below the threshold, SaaSalyst flags the absence of CCPA indicators because enterprise buyers often require vendor compliance regardless of size.
How do CCPA indicators affect my Business Readiness Score?
SaaSalyst rates CCPA/CPRA indicators as medium severity in the Compliance & Legal category. Missing indicators suggest potential gaps in US privacy compliance, lowering your score for enterprise readiness.
References & Official Sources
Official regulatory and standards sources relevant to the checks SaaSalyst runs on your site.
- GDPR Full Text (EUR-Lex)— European Union
- CCPA Official Page— California Attorney General
- CPPA FAQ— California Privacy Protection Agency
Check Your SaaS Now — Free
SaaSalyst scans your website in 30 seconds and checks for CCPA/CPRA Indicators along with 40+ other business readiness signals.
Scan Your App